Abstract
In public transport ticketing, the tap-in / tap-out user experience is an established metaphor since contactless NFC cards were introduced as travel cards some ten years ago. In our solution fixed smart cards at train station are tapped by NFC-enabled mobile phones of users. By leveraging the phones’ communication capabilities, a possible embedded trusted execution environment (TEE) and the user interface, we have constructed a secure solution for so-called non-gated ticketing, where end user devices produce and report ticketing evidence under the threat of inspection. This is technically quite different from the traditional model where a certified, secure reader is tapped by a passive card. Learnings from a public ticketing trial conducted in the Port Washington branch of the LIRR train network in New York is presented along with an overview of the NFC protocols used in that trial. We also discuss extensions to the protocol with the goal to enable ticketing also for NFC phones without TEE support.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)
Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.-R., Shastry, B.: Practical and lightweight domain isolation on android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011, pp. 51–62. ACM, New York (2011)
Chaumette, S., Dubernet, D., Ouoba, J., Siira, E., Tuikka, T.: Architecture and comparison of two different user-centric NFC-enabled event ticketing approaches. In: Balandin, S., Koucheryavy, Y., Hu, H. (eds.) NEW2AN 2011 and ruSMART 2011. LNCS, vol. 6869, pp. 165–177. Springer, Heidelberg (2011)
de Koning Gans, G., Hoepman, J.-H., Garcia, F.D.: A practical attack on the MIFARE classic. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 267–282. Springer, Heidelberg (2008)
Derler, D., Potzmader, K., Winter, J., Dietrich, K.: Anonymous ticketing for NFC-enabled mobile phones. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 66–83. Springer, Heidelberg (2012)
Dmitrienko, A., Sadeghi, A.-R., Tamrakar, S., Wachsmann, C.: SmartTokens: Delegable access control with NFC-enabled smartphones. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 219–238. Springer, Heidelberg (2012)
Ekberg, J.-E., Tamrakar, S.: Mass transit ticketing with NFC mobile phones. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 48–65. Springer, Heidelberg (2012)
Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)
Garcia, F., van Rossum, P., Verdult, R., Schreur, R.W.: Wirelessly pickpocketing a mifare classic card. In: IEEE Symposium on Security and Privacy, pp. 3–15 (2009)
Ghiron, S.L., Sposato, S., Medaglia, C.M., Moroni, A.: Nfc ticketing: A prototype and usability test of an nfc-based virtual ticketing application. In: First International Workshop on Near Field Communication, NFC 2009, pp. 45–50 (February 2009)
Huang, E.: Automated Security Analysis of Payment Protocols. Ph. D. Thesis, Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering (2012)
ISO/IEC 14443: Identification cards – Contactless integrated circuit cards – Proximity cards. ISO, Geneva, Switzerland (2008)
Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 104–115. ACM, New York (2009)
mobiThinking: Global mobile statistics 2012 part b: Mobile web; mobile broadband penetration; 3g/4g subscribers and networks, http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats/b (accessed: February 2013)
Smart Card Alliance: Transit and contactless open payments: An emerging approach for fare collection. A Smart Card Alliance Transportation Council White Paper (November 2011), http://www.smartcardalliance.org/resources/pdf/Open_Payments_WP_110811.pdf (accessed: February 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tamrakar, S., Ekberg, JE. (2013). Tapping and Tripping with NFC. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-38908-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38907-8
Online ISBN: 978-3-642-38908-5
eBook Packages: Computer ScienceComputer Science (R0)